Login | Cookie e session

[Vash SD]

Form di login:

codice:

<form method="post" name="login" action="<?php echo $path; ?>verify.php" onSubmit="return (verifyLogin());">
<input class="input_login" type="text" name="user" value="Username" onFocus="this.value=''; this.style.background='#ffffff'" onBlur="this.style.background='#f0f0f0'">
	   <input class="input_login" type="password" name="pass" value="Password" onFocus="this.value=''; this.style.background='#ffffff'" onBlur="this.style.background='#f0f0f0'">
	   <input type="checkbox" name="ck_ricordami">
	   <input class="button_login" type="submit" value="Login">
</form>

verify.php

Codice PHP:

<?php
// Raccolgo i dati dal form di login (Username, Password e Checkbox) e cripto la password
$user = $_POST['user'];
$pass_non_criptata = $_POST['pass'];
$pass = md5($pass_non_criptata);
$chk_ricordami = $_POST['chk_ricordami'];

// Se i campi dell'username e della password non sono vuoti
include 'include/config.php';

// Mi connetto al db
$db = mysql_connect("$hostname_db","$username_db","$password_db") or die("Connessione non riuscita: " . mysql_error());    
mysql_select_db("$database_db", $db);
$query = "SELECT * FROM runner WHERE nickname='$user' AND passw='$pass'";
$result = mysql_query($query);
$row = mysql_num_rows($result);
    
// Se i dati sono corretti
if ($row > 0)
    {
    session_start();
    $_SESSION['user_session'] = $user;
    $_SESSION['id_session'] = $row['id_runner'];
    if ($chk_ricordami)
        {
        setcookie("ricordami", "ricordami", time()+2592000);
        setcookie("user_cookie", "$user", time()+2592000);
        setcookie("id_cookie", $row['id_runner'], time()+2592000);
        }
    mysql_close($db);
    header("location: index.php");
    }
else {echo "Dati non corretti!";}
?>

Index:

Codice PHP:

<?php
// Verifico i cookie e la session
session_start();
$id_session = $_SESSION['id_session'];
$user_session = $_COOKIE['user_cookie'];
$id_cookie = $_COOKIE['id_cookie'];
$user_cookie = $_COOKIE['user_cookie'];

if (!isset($id_cookie)) {
    if (isset($id_session)) {
        $id = $id_cookie;
        $user = $user_cookie;
        }
    }
else {
    $id = id_session;
    $user = user_session;
    }

if (isset($id)) 
    {echo "Sei loggato! <a href=\"logout.php\">Logout</a>";}
else
    {echo "Non sei loggato";}
?>

logout.php

Codice PHP:

<?php
session_destroy();
unset($_SESSION['user_session']);
unset($_SESSION['id_session']);

setcookie("ricordami", "", time()-2592000);
setcookie("user_cookie", "", time()-2592000);
setcookie("id_cookie", "", time()-2592000);

header("location: index.php");
?>

Il form funziona e anche la query di verify.php, però non mi registra nè la session nè il cookie.
Poi per verificare se l'utente è loggato e il logout va bene?

Rignrazio anticipatamente tutti... buona serata!